The Oft Transparent Link in Cyber Security’s Risk Chain — People!

This is Part Five of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Too often cyber security, and related risk management, is viewed as a purely technological matter pertaining only to the processes and practices reliant upon IT assets, systems, partners and services. Reality is quite different. Cyber Security is[…]

The Seven Performance Steps to Managing Risk, the NIST Way

This is Part Four of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Every approach to risk management, cyber-oriented, operational, IT, financial, and so on covers the core basics NIST describes as Identify, Protect, Detect, Respond, and Recover. And there are also many ways to describe the performance operations needed[…]

What Senior Execs Need to Know about their Cyber Risk Program

This is Part Three of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Senior Executives perform an important role in any effective cyber risk and security program. They are the executors of the governance function. They provide direction, resources, and policy leadership. They are neither a rubber stamp, nor simply[…]

How Technology Enables Enterprise Risk Management

This is the final blog of a four-part series on ERM from guest blogger Michael Rasmussen of GRC 20/20 Research. Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture[…]

The Evolution Of GRC As Compliance And Risk Management Become More Complex

The core functionality of GRC has evolved in response to the need for a standardized and centralized data and process management structure supporting compliance and risk management functions in light of increasing complexity in both activities. As GRC further evolves into an enterprise platform, these capabilities cease to be solution differentiators, although they are no[…]

The Configurability of Workflows With GRC

In some cases, these capabilities represent very basic, generic understandings of a workflow in the abstract that do not match the specific processes of the organization in question. Even in tools focused on a specific function or application of GRC, the workflows used by the solution may not match the individual[…]

A Director’s View Of Risk: Opportunities For True Enterprise GRC

The increased complexity and stakes of risk and compliance have resulted in strengthened demand for an understanding of the risks that face an organization. While this raises the profile of compliance and risk management with corporate leadership, it also presents new challenges. Few directors or senior executives outside of risk and compliance management have in-depth[…]
